Denial of Service Vulnerability in Helm Product by Helm Project
CVE-2026-63308
Key Information:
Badges
What is CVE-2026-63308?
Helm versions up to 4.2.3 contain a vulnerability in the Files.Lines template helper that can lead to a denial of service. An attacker can exploit this flaw by including zero-length byte slices in chart files, causing the Helm engine to panic and resulting in deterministic render failures. This issue affects various operations including template rendering, installs, upgrades, and linting processes within Helm. Users should take immediate action by updating to the patched version to ensure their deployments remain secure.
Affected Version(s)
helm 0 <= 4.2.3
helm ba6c9a29efa7bf9198dad6a5ec12b4fb30c96017
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
